#VU102494 Resource management error in Linux kernel - CVE-2024-56785

Vulnerability identifier: #VU102494

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56785

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the arch/mips/boot/dts/loongson/ls7a-pch.dtsi. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/01575f2ff8ba578a3436f230668bd056dc2eb823
https://git.kernel.org/stable/c/4fbd66d8254cedfd1218393f39d83b6c07a01917
https://git.kernel.org/stable/c/5a2eaa3ad2b803c7ea442c6db7379466ee73c024
https://git.kernel.org/stable/c/8ef9ea1503d0a129cc6f5cf48fb63633efa5d766
https://git.kernel.org/stable/c/a7fd78075031871bc68fc56fdaa6e7a3934064b1
https://git.kernel.org/stable/c/c8ee41fc3522c6659e324d90bc2ccd3b6310d7fc

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.